How to discuss cloud security with your clients

Data breaches can make customers nervous; here’s a list of tips for service providers

Cloud security has been a hot-button issue for many companies, both large and small. It’s a leading reason why some companies have yet to fully embrace a true cloud migration strategy. And even for those companies that have invested, they want reassurance from their IT service provider about the advancements of cloud security.

Most likely, as a service provider you’ve encountered this discussion time and again. Especially when data breaches happen, such as the one recently with Capital One, clients can become nervous. It’s your role to properly explain and reinforce the quality security attributes of the cloud – and the experts at DXC SLMS can help you have this conversation appropriately.

Despite the challenges and negative news articles, businesses of every size are still focused on embracing and adopting the Cloud for their organizations. According to IDC, enterprises are predicted to invest over $3.5 million on average for cloud investments within the next year. This expenditure will take 30% of their total IT budget in 2020.

Connecting data breaches to cloud security

The person involved with Capital One allegedly found an opening in the bank’s systems to exploit a weakness in some misconfigured networks, according to a Wall Street Journal analysis of hundreds of the perpetrator’s online messages and interviews with people familiar with the investigation.

Security professionals for years have repeatedly warned about this type of gap, which the messages and interviews suggest she used to trick a system in the cloud to uncover the sensitive credentials she needed to access the vast number of customer records.

What’s most alarming is that while this happened to Capital One, small businesses the size of many of your customers can be just as susceptible to a cloud-based data breach. In fact, small-and-midsized businesses are targeted 43% of the time, according to SCORE, a resource for the Small Business administration (SBA).

Following are a handful of tips you can use to help discuss cloud security with your end customers to reassure them of the positive attributes of running their business in the cloud.

1: Discuss security threats with employees: By discussing with client employees proper defense practices, you can ensure they help minimize risk and prevent cloud security threats. Be sure to involve the entire company in this discussion and set up an action plan that is built for proper protocols.

2. Secure a data backup plan: Be sure to talk about the need for a secure backup of data. Work with your clients to distribute data and applications across multiple zones for added protection.

3. Discuss who has access to data files: Work with your client to discuss who has access, and what are they trying to access? Establish proper controls to manage risk.

4. Discuss passwords with clients: Unfortunately, it is estimated that as many as 90% of passwords today can be cracked easily. Discuss proper ways to develop secure passwords with your client and set up a protocol in changing passwords often.

5. Testing, and then more testing: Penetration testing can be a great way to identify and address vulnerabilities so that you can minimize any threats. As the service provider you should be a central figure in any tests but be sure to help your clients understand how these tests can be valuable to their business.

6. Establish cloud governance going forward: Once everything is in place and testing has been concluded, work with your end customer to design cloud governance policies for the entire company. These will ensure compliance with internal and external data privacy mandates. This is where ongoing training is a good idea, and this can also be a great way for you to build continuous trust and reliability with your customers. Be sure to also conduct periodic digital perimeter checks and risk assessments and stay alert to the ever-changing security landscape.

Who to partner with for successful outcomes

As cloud-based hosted software services continue to reshape and expand the principles of modern IT, the future of any hosting services provider depends on the quality of its partnerships. DXC SLMS Hosting offers service providers the best opportunity to build the right portfolio of cloud-based hosted solutions, including Microsoft Azure for CSP, that best positions for optimum business growth potential while cutting costs out of the portfolio.